Team Clark is adamant that we will never write content influenced by or paid for by an advertiser. To support our work, we do make money from some links to companies and deals on our site. Learn more about our guarantee here.

Advertisement

Ride-sharing service Uber is being maligned again after the company announced Tuesday that it suffered a massive cybersecurity breach last year. The hack exposed the data of more than 57 million riders and drivers that use the Uber app, one of the most successful tech companies of the past five years.

The most disturbing aspect of the Uber data breach

While data breaches have unfortunately part of doing business in this information age, the most disturbing thing about these recent incidents are the timelines: Both Equifax and Uber waited a significant amount of time to alert their customers and users.

In the Equifax case, criminals accessed the Atlanta-based company’s computer system on July 29. The public was not told of the hack until September 7, more than a month later.

For Uber, the breach occurred “late” last year, but we’re just now hearing about it mere weeks before we ring in 2018. These companies aren’t the only ones waiting a while before they tell their customers of security problems.

Yahoo didn’t disclose two breaches it experienced until two years and three years respectively went by, of course for most of that time the company said it was unaware of the hacks.

The delays — at best — seem to signal that companies are still unsure of when and how to communicate bad news to their customers. At worst, the slow responses could show a callous disregard for the personal information of others.

Of course, there are valid reasons why companies wouldn’t quickly disclose breaches, such as cases where law enforcement agencies is tracking the hackers and want to continue to accumulate info that would lead to a bigger fish, so to speak.

Another reason why companies are slow in reporting hacks is that different states have particular notification processes that must be followed. Forty-Eight states, D.C., Guam, the Virgin Islands and Puerto Rico all have statutes on the books related to breaches, according to the National Conference of State Legislatures website.

And there’s always the explanation that the higher-ups are always the last to know. In a statement, CEO Dara Khosrowshahi, who was appointed in August, said that he too was kept in the dark about the incident.

“I recently learned that in late 2016 we became aware that two individuals outside the company had inappropriately accessed user data stored on a third-party cloud-based service that we use,” Khosrowshahi said. “The incident did not breach our corporate systems or infrastructure.”

He said that outside forensics experts haven’t found any evidence to lead them to believe that users’ trip histories, credit card numbers, Social Security numbers or dates of birth were downloaded.

The data that was accessed though includes the names and driver’s license numbers of around 600,000 drivers in the United States. Also, some personal information of 57 million Uber users around the world, including the drivers described above.

What to do if you’ve been exposed to a data breach

At this point, Uber is saying that it has “seen no evidence of fraud or misuse tied to the incident.” But that doesn’t mean anything going forward, as crooks may be able to take out new lines of credit in your name for the foreseeable future.

Unfortunately, consumers exposed to data breaches will have to keep safeguards in place for the rest of their lives.

Craig Johnson is a conscious money-saver who stills read paperback books and listens to vinyl. He likes to write about how technology is making things easier and more affordable — but also sometimes more dangerous — for the modern consumer.